Bug in Bash Shell Creates Big Security Hole on UNIX/Linux

A security vulnerability in the GNU Bourne Again Shell (Bash) — the command-line shell used in many Linux and Unix operating systems — could leave systems open to exploitation by specially crafted attacks.

The bug, discovered by Stephane Chazelas, is related to how Bash processes environment variables passed by the operating system or by a program calling a Bash-based script. If Bash is configured as the default system shell, it can be exploited by network-based attackers against servers and other Unix and Linux devices via web requests, SSH, telnet sessions, or other programs that use Bash to execute scripts.

The vulnerability affects Bash versions 1.14 through 4.3. Patches were issued by major Linux distribution vendors for affected versions, including Red Hat Enterprise Linux, CentOS, and Ubuntu.

How to test your system

From a command line, run:

env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

If the system is vulnerable, the output will be:

vulnerable
this is a test

An unaffected (or patched) system will output something like:

bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test
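
A scripted form of the test above, useful when a host has more than one Bash binary installed. This is an added example, not part of the original article; the function names, the marker string, and the list of candidate paths are assumptions chosen for illustration.

```shell
# check_bash PATH
# Runs the article's probe against the shell at PATH and prints one of:
# vulnerable, patched, missing, unknown.
check_bash() {
    shell=$1
    if [ ! -x "$shell" ]; then
        echo missing
        return 0
    fi
    marker="PROBE_MARKER_$$"   # constructed string, harmless if echoed
    # Same probe as the manual test: a function-style variable followed by
    # a trailing command. A vulnerable Bash runs that echo while importing x.
    out=$(env x="() { :;}; echo $marker" "$shell" -c 'echo probe-done' 2>/dev/null) || true
    case $out in
        *"$marker"*)  echo vulnerable ;;
        *probe-done*) echo patched ;;
        *)            echo unknown ;;   # the shell did not run the probe at all
    esac
}

# list_bash_candidates
# Bash paths named in /etc/shells plus common install locations (assumed
# list), de-duplicated.
list_bash_candidates() {
    {
        if [ -r /etc/shells ]; then
            grep -E '^/.*/bash$' /etc/shells || true
        fi
        printf '%s\n' /bin/bash /usr/bin/bash /usr/local/bin/bash
    } | sort -u
}

# audit_bash
# Prints "path<TAB>result" for every candidate that exists and returns 1
# if any of them is vulnerable, so it can gate a deployment or cron check.
audit_bash() {
    rc=0
    for b in $(list_bash_candidates); do
        result=$(check_bash "$b")
        if [ "$result" = missing ]; then
            continue
        fi
        printf '%s\t%s\n' "$b" "$result"
        if [ "$result" = vulnerable ]; then
            rc=1
        fi
    done
    return $rc
}
```

Call `audit_bash` after loading the functions. A locally built Bash under /usr/local can stay vulnerable after the distribution package has been updated, which is why every candidate path is probed.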

What to do

Update Bash to a patched version. On most distributions, a blanket package update for Bash is the safest approach.

Because Bash is often used by Apache (CGI), OpenSSH, DHCP clients, and other services — not just interactive shells — this was a broad infrastructure issue, not just a desktop concern.

Originally published on LinfoPage.Com (September 2014). Source reference: Ars Technica coverage.
